Wednesday, August 8, 2018

Policy maps and TCP traffic - limiting ACKs?

I need a sanity check on this. Update: platform is Cisco ASA.

  • ACL: permit tcp any any
  • Class Map: match ACL
  • Policy Map: use class map, police outbound traffic to 2Mbps
  • Service Policy: use policy map, applied to outside interface

This should limit all outbound TCP traffic on that interface to 2Mbps, which it is doing successfully. Problem is that somehow it's also limiting inbound traffic to 2Mbps. Vendor told me that this is happening because inbound TCP ACKs are being limited. If that's the case, I would expect that 2Mbps worth of inbound ACKs would equal a larger amount of overall outbound traffic. I don't have any data/numbers to support this, just my gut.

Curious to see everyone's thoughts.


